Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

RSA 2012: LulzSec As a CloudFlare Customer

The CloudFlare team was surprised when cyber-pranksters LulzSecurity signed up to take advantage of its services last year, Matthew Prince, CEO of CloudFlare said Feb. 28 at the RSA Conference in San Francisco. With LulzSec as a customer, CloudFlare had a unique insight into the group's activities and also the

The CloudFlare team was surprised when cyber-pranksters LulzSecurity signed up to take advantage of its services last year, Matthew Prince, CEO of CloudFlare said Feb. 28 at the RSA Conference in San Francisco. With LulzSec as a customer, CloudFlare had a unique insight into the group's activities and also the opportunity to discover the security resilience of its infrastructure and operations, Prince said.

For a three-week period between May and June, CloudFlare's infrastructure was under heavy bombardment by several groups and individual cyber-attackers intent on knocking LulzSec offline with their own distributed denial of service attacks, Prince said. The attacks included Layer 7 and Layer 3 /4 DdoS attacks, reflection attacks and IP scans. Some attackers figured out what switching and routing infrastructure was being used by CloudFlare and launched vendor-specific attacks on the router interfaces, according to Prince. Attack traffic peaked at 21 gigabytes on June 16, shortly after LulzSec had attacked several popular online gaming sites, including Minecraft, Prince said.

CloudFlare treated the experience, not as a nightmare, but as a learning experience, Prince said.

CloudFlare is a content delivery provider, much like the bigger and better known Akamai. The company operates 14 data centers worldwide and handles 30 million page views a month. LulzSec signed up for the free version of the service June 2.

LulzSec had gained notoriety less than a month previously with frequent and audacious attacks against high-profile targets that caused a lot of embarrassment for parties involved. The group was not out for financial gain and was launching attacks for entertainment. LulzSec ceased operations June 25.

Immediately after joining the network, the group began launching DdoS attacks against other sites, including Sony Pictures and the Central Intelligence Agency, Prince said. None of the actual hacking activity occurred within CloudFlare's network, nor was any illegal content hosted on its sites.

With LulzSec as a customer, law enforcement agencies came knocking.

Prince declined to share specifics on the kind of information CloudFlare handed over, but said it complied with "valid subpoenas."

After careful contemplation, CloudFlare chose not to cancel the group's account. The company generally works with law enforcement if a botnet command and control server is identified within its distributed network environment but generally doesn't terminate any accounts unless there is clear criminal activity such as distributing malware or offensive content, Prince said. Law enforcement also did not ask CloudFlare to stop doing business with LulzSec, according to Prince.

While users on the free service are required to provide only a valid email address, username and password, CloudFlare collects and stores limited amounts of information for each customer, Prince said. LulzSec used the same username on CloudFlare as the one used on Internet Relay Chat and once forgot to use multiple proxies to hide the IP address before logging in, he said.